Development of the Internet protocols (IP) has facilitated widespread deployment of IP compliant packet switched networks for transferring of data between devices. Further, the IP addressing scheme enables the interconnecting of these IP compliant networks forming the Internet. When a device is coupled to an IP compliant network it is assigned an IP address. If the IP address is globally unique, any remote device can address IP compliant frames to the device using such globally unique IP address.
Because of the limited number of IP addresses available, certain blocks of IP addresses, referred to as private network addresses, have been set aside for use on private networks. These private network IP addresses are assigned and maintained locally and are therefore routable only on the local area network (LAN) on which the private network IP address is unique. Private network IP addresses are not globally routable on the Internet. A network address translation system (NAT) is used to couple the LAN to the Internet in a manner that enables all of the devices on the LAN to share the globally unique Internet routable IP address(es) assigned to the NAT system.
A NAT system does not allow any global Internet entity to connect to any private LAN entity unless the NAT system is configured with specific connection rules to enable certain LAN entities to operate as servers for clients outside the LAN. As such, a NAT system protects LAN entities from outside intrusion acting, as is known in the networking literature, as a “firewall”.
In a separate but related field of development, the Simple Network Management Protocols (SNMP) has been developed to enable a centrally located network management system (usually referred to an “NMS”) to monitor a large number of client devices (each operating as an SNMP agent) coupled to the network.
Each SNMP compliant agent implements a management information base (MIB) that includes variables required for monitoring, configuring, and controlling the client device. The SNMP protocol specifies a set of messages that may be exchanged between the NMS and each agent for the exchange of values associated with variables defined by the MIB. The SNMP messages are usually exchanged using the connectionless UDP/IP protocol. More specifically, SNMP messages are sent to an agent by addressing the message to the agent using the agent's IP address and UDP port 161. Responses are returned to the NMS by addressing the response to the NMS's IP address and the dynamic port from which the NMS sent the original message to the agent. Asynchronous Traps (unsolicited messages sent by the agent to the NMS) are sent to the NMS's IP address and UDP port 162.
A challenge with use of the SNMP protocols on a private network with private network IP addresses is that the messages may only be sent to an agent if the NMS is on the same LAN such that the agent's private network IP address is routable. An NMS on the global side of a NAT system can-not manage an agent on the private network side of the NAT system utilizing the messaging protocols discussed above because it can-not reach the entities with private network addresses.
To enable SNMP based management of a plurality of devices deployed on different kinds of networks that may not all be reachable by a single NMS, hierarchical distribution systems have been developed. A NMS may manage the plurality of devices through various distribution agents which act as SNMP “proxy” agents for the devices. There exists a distribution agent (with a private network IP address) on each LAN for managing the agents (with private network IP addresses) on that particular LAN. The distribution agent communicates each SNMP message with the NMS using traditional SNMP messaging through a “permanent hole” configured thought the LAN's firewall and communicates each SNMP message with the managed agent using SNMP messaging over the LAN.
A first problem with existing hierarchical solutions is that they require that a distribution agent to be present on each LAN on which a managed agent is located. In the context of managing Internet telephony devices, there may only be a small quantity of managed Internet telephony devices coupled to each LAN—such as one or two. As such, use of an existing hierarchical solution would require a quantity of distribution agents that approaches the number of Internet telephony devices deployed. Deploying such a large number of distribution agents is not practical.
A second problem with the existing hierarchical solutions is that the private network on which the distribution agent is located must be manually configured to enable the distribution agent to communicate with the NMS through a firewall hole. In the context of managing Internet telephony devices, the Internet telephony service provider will not have control over each LAN and will not be able to configure the LAN's firewall to permit the traditional UDP/IP communication between the NMS and the distribution agent.
In yet another related field of development, the Telnet protocols and HTTP protocols enable a user of a management workstation (operating a Telnet client or an HTTP client) to interface with a Telnet object or HTTP object (operating as a server) within a managed device to configure operating variables of the managed device.
A problem with use a Telnet session or an HTTP session to configure operating variables of a workstation on the global side of a NAT system can not manage a managed device on the private network side of the NAT system because the session can not be established through the NAT system.
What is needed is a network management system that enables a network management server, a Telnet client, and/or an HTTP client on a global network side of a NAT server to monitor, configure, and otherwise manage a plurality if managed devices independent of whether such managed devices are coupled to private networks and server by NAT systems.